Bug#608344: claws-mail should look into /etc/ssl/certs to find certificate.

Thu, 30 Dec 2010 18:45:17 -0800 

On 12/31/2010 03:18 AM, Ricardo Mones wrote:


   That seems fine, and is the default configuration, but you referred to a
   "Debian CAcert root certificate", which is not among these (there's a
   debconf one and a SPI one, but no certificate called "Debian" exists).
Sorry, I haven't understood. I'm talking about CAcert. It is free certificate authority, and their root certificate comes in o 
ca-certificates. And have my server, with certificate signed by CAcert.

% openssl x509 -text -in /etc/ssl/certs/cacert.org.pem
...
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailaddress=supp...@cacert.org 
        Validity
            Not Before: Mar 30 12:29:49 2003 GMT
            Not After : Mar 29 12:29:49 2033 GMT
Subject: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailaddress=supp...@cacert.org 
...
I'm absolutely sure that this is claws-mail bug, because all other programs works well. (mutt, icedove, iceweasel, psi, gajim, gaim and many other). If ca-certificates not installed, all this programs (except of mozilla) shows ssl warning. If ca-certificates installed all this programs trust my server. 


   In any case, once you're sure the certificate is correctly installed and
   trusted, please launch "claws-mail --debug>  debug.log 2>&1"...

I don't think, that all log is interested.
I've substituted path to home and my imap server with $HOME and $SERVER
Folder $HOME/.claws-mail/certs doesn't exists.

...
[05:04:22] IMAP4> 1 STARTTLS
[05:04:22] IMAP4< 1 OK Begin TLS negotiation now
imap-thread.c:1174:imap starttls run - end 0
imap-thread.c:403:generic_cb
imap-thread.c:1217:imap starttls - end
ssl_certificate.c:433:didn't get $HOME/.claws-mail/certs/$SERVER.143.cert
ssl_certificate.c:571:got 142 certs in ca_list! 0xff8890ac
ssl_certificate.c:571:got 142 certs in ca_list! 0xff888edc
...

I've just reread warning, that claws shows, it's strange:

Unknown SSL Certificate
Certificate for equator.ru.net is unknown.
Do you want to accept it?
Signature status: Correct
View certificate
  Owner
            Name: equator.ru.net
    Organization: <not in certificate>
        Location: <not in certificate>

  Signer
            Name: CA Cert Signing Authority
    Organization: Root CA
        Location: <not in certificate>

  Status
     Fingerprint:  MD5: <md5hash>
                   SHA1: <sha1hash>
Signature Status: Correct
      Expires on: 11/03/18(Fri) 20:59

--
sergio.



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to